One in five data theft cases in the world occur here
This is the first in a series of articles highlighting the recent massive breach of cyber security. ― ED.
By Kim Yoo-chul
Around 35 million of Korea's population of 52 million population use mobile devices.
But with this rising connectedness comes increased vulnerability to hacking; but so far, the country has failed to protect user information from hacking and other cyber security attacks.
"It's fair to say Korea has emerged as a haven for hackers," said Chun Kil-nam, an expert in cyber security and a former professor at the Korea Advanced Institute of Science and Technology, Tuesday.
"But what's worse is that the country has no comprehensive plans to ward off technologically sophisticated hackers and criminals," Chun said.
Global security software firm Symantec said in a recent analysis that the confidential information of over half-a-billion people around the world was hacked last year.
Korea alone accounted for 20 percent of those.
Of late, key networks at KT, the nation's No. 1 fixed-line operator, SK Broadband, a leading broadband service provider, and leading banks and state-run agencies have been attacked by hackers, which compromised their customers' credit card numbers, passwords and resident identification numbers.
Experts and analysts stressed that Korea needs to take two important steps over the long term to effectively handle the rising cyber security threats ― eliminate government intervention in and increase the budget for cyber security.
"If the government takes steps to fundamentally improve systems for cyber security right now, it will need up to 10 trillion won. But the cost will only soar if the country underestimates the growing risks and delays it," said Chun.
Lee Min-hwa, president of the Korea Creative Economy Research Center, blasted the government's tight control over cyber security and urged it to embrace free competition to improve related security systems.
"For example, financial institutions do not bear any responsibility for any cyber security-related issues as long as they meet regulatory conditions set by the top financial regulator," Lee said.
"That really doesn't make sense. Big organizations need to wake up to the various cyber security threats and start deploying effective defensive technologies on their own."
"Korea should become an environment where firms compete in terms of cyber security. If cyber security becomes a good marketing point, more investment will follow," said an official at AhnLab, a leading security software firm.
Lack of organized plans
Sadly, the government seems to be doing very little to strengthen cyber security in the country despite the promises made in the media.
The latest move by the Ministry of Science, ICT and Future Planning (MSIP) to create a task force in the wake of Microsoft's (MS) decision to end support for the Windows XP platform has drawn much criticism.
The MSIP confirmed that it has teamed up with the Korea Internet and Security Agency (KISA) to find new software solutions in order to cut the country's heavy reliance on MS-developed Windows programs.
"This is silly, and it's too bad that the setting up the task force is the government's answer to the public. Can you block organized cyber attacks by running a task force? You should be more considerate," said Kim Eun-sang, a programmer at a local software company.
Kim said open-based software is also very vulnerable to hacking and other cyber security attacks.
"Any hesitation by the government may produce disastrous results. The government should first team up with MS and even Google to develop customized patches. It should realize that developing its own software is very time-consuming and should instead gather know-how."
One MSIP official who declined to be named agreed with this criticism.
"To be frank, the best thing we can do right now is to closely monitor the movements of viruses and distribute vaccines and other security patches. But we know these aren't enough," he said.
Andrew Ginter, vice president of industrial security at Waterfall Security Solutions, said that there are different types of cyber attacks, including spear-phishing to get footholds in corporate networks ― using low-volume malware to bypass anti-virus systems and steal accounts, passwords and password hashes, to ultimately create new highly privileged accounts.
Ginter said that hackers no longer need to break into their target companies' systems, but simply enter through the front door using their brand new accounts and passwords.
"This kind of attack is extremely effective as it easily bypasses conventional defenses, including encryption, firewalls, anti-virus systems, security update programs, long passwords and so on," he said.